CVE-2020-2267
maven/io.jenkins.plugins/mongodb
Missing Authorization
A missing permission check in Jenkins MongoDB Plugin allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
All versions up to 1.3
Unfortunately, there is no solution available yet.
2020-09-21
source |